Each application enables indirect branch tracking (forward cfi) for itself
via prctl. Adding branch tracking prctl in linux-user/syscall.

Using same prctl code as proposed in cfi patches in kernel mailing list [1]

[1] - https://lore.kernel.org/all/20240403234054.2020347-1-debug@rivosinc.com/

Signed-off-by: Deepak Gupta <debug@rivosinc.com>
Co-developed-by: Jim Shu <jim.shu@sifive.com>
Co-developed-by: Andy Chiu <andy.chiu@sifive.com>
Co-developed-by: Jesse Huang <jesse.huang@sifive.com>
---
 linux-user/syscall.c | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index b8c278b91d..ec157c1088 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -6295,6 +6295,17 @@ abi_long do_arch_prctl(CPUX86State *env, int code, abi_ulong addr)
 # define PR_SME_VL_INHERIT   (1 << 17)
 #endif
 
+#ifndef PR_GET_INDIR_BR_LP_STATUS
+# define PR_GET_INDIR_BR_LP_STATUS      74
+#endif
+#ifndef PR_SET_INDIR_BR_LP_STATUS
+# define PR_SET_INDIR_BR_LP_STATUS      75
+# define PR_INDIR_BR_LP_ENABLE          (1UL << 0)
+#endif
+#ifndef PR_LOCK_INDIR_BR_LP_STATUS
+# define PR_LOCK_INDIR_BR_LP_STATUS     76
+#endif
+
 #include "target_prctl.h"
 
 static abi_long do_prctl_inval0(CPUArchState *env)
@@ -6477,6 +6488,14 @@ static abi_long do_prctl(CPUArchState *env, abi_long option, abi_long arg2,
     case PR_SET_TSC:
         /* Disable to prevent the target disabling stuff we need. */
         return -TARGET_EINVAL;
+    case PR_GET_INDIR_BR_LP_STATUS:
+    case PR_SET_INDIR_BR_LP_STATUS:
+    case PR_LOCK_INDIR_BR_LP_STATUS:
+#ifndef do_prctl_cfi
+        return do_prctl_inval1(env, arg2);
+#else
+        return do_prctl_cfi(env, option, arg2);
+#endif
 
     default:
         qemu_log_mask(LOG_UNIMP, "Unsupported prctl: " TARGET_ABI_FMT_ld "\n",
-- 
2.44.0

On 7/30/24 03:53, Deepak Gupta wrote:
> Each application enables indirect branch tracking (forward cfi) for itself
> via prctl. Adding branch tracking prctl in linux-user/syscall.
> 
> Using same prctl code as proposed in cfi patches in kernel mailing list [1]
> 
> [1] - https://lore.kernel.org/all/20240403234054.2020347-1-debug@rivosinc.com/
> 
> Signed-off-by: Deepak Gupta <debug@rivosinc.com>
> Co-developed-by: Jim Shu <jim.shu@sifive.com>
> Co-developed-by: Andy Chiu <andy.chiu@sifive.com>
> Co-developed-by: Jesse Huang <jesse.huang@sifive.com>
> ---
>   linux-user/syscall.c | 19 +++++++++++++++++++
>   1 file changed, 19 insertions(+)
> 
> diff --git a/linux-user/syscall.c b/linux-user/syscall.c
> index b8c278b91d..ec157c1088 100644
> --- a/linux-user/syscall.c
> +++ b/linux-user/syscall.c
> @@ -6295,6 +6295,17 @@ abi_long do_arch_prctl(CPUX86State *env, int code, abi_ulong addr)
>   # define PR_SME_VL_INHERIT   (1 << 17)
>   #endif
>   
> +#ifndef PR_GET_INDIR_BR_LP_STATUS
> +# define PR_GET_INDIR_BR_LP_STATUS      74
> +#endif
> +#ifndef PR_SET_INDIR_BR_LP_STATUS
> +# define PR_SET_INDIR_BR_LP_STATUS      75
> +# define PR_INDIR_BR_LP_ENABLE          (1UL << 0)
> +#endif
> +#ifndef PR_LOCK_INDIR_BR_LP_STATUS
> +# define PR_LOCK_INDIR_BR_LP_STATUS     76
> +#endif

This will of course have to wait until the uapi lands upstream.

> @@ -6477,6 +6488,14 @@ static abi_long do_prctl(CPUArchState *env, abi_long option, abi_long arg2,
>       case PR_SET_TSC:
>           /* Disable to prevent the target disabling stuff we need. */
>           return -TARGET_EINVAL;
> +    case PR_GET_INDIR_BR_LP_STATUS:
> +    case PR_SET_INDIR_BR_LP_STATUS:
> +    case PR_LOCK_INDIR_BR_LP_STATUS:
> +#ifndef do_prctl_cfi
> +        return do_prctl_inval1(env, arg2);
> +#else
> +        return do_prctl_cfi(env, option, arg2);
> +#endif

Do not combine 3 prctl into one.
Do not put the ifdef here; put it above with the rest, e.g.

#ifndef do_prctl_set_fp_mode
#define do_prctl_set_fp_mode do_prctl_inval1
#endif


r~